Re: some reality about iptables, please

To: Debian-User List <debian-user@lists.debian.org>
Subject: Re: some reality about iptables, please
From: Kevin Mark <kevin@localhost>
Date: 26 Aug 2003 23:14:08 -0400
Message-id: <[🔎] 1061954046.4931.10.camel@debian.potter>
Reply-to: kmark@pipeline.com
In-reply-to: <[🔎] 1061946734.3524.23.camel@ganesha>
References: <[🔎] 1061946734.3524.23.camel@ganesha>

On Tue, 2003-08-26 at 21:12, Bret Comstock Waldow wrote:
> I can find all the sites and advice I want about how to form iptables
> rules, but I can't find any decent discussion of how to enable the damn
> things.
> 
> I get the idea that an iptables firewall is set up by actually running a
> bunch of "iptables -options" lines, presumably from a script.
> 
> But where do I put the script(s)?
> 
> There's a mechanism set up in /etc/default/iptables.  I quote from the
> file:
> 
> # A: I was pretty much hounded into providing it. I do not like it.
> #    Don't use it. Use /etc/network/interfaces, use /etc/network/*.d/
> #    scripts use /etc/ppp/ip-*.d/ script. Create your own custom
> #    init.d script -- no need to even name it iptables.  Use ferm,
> #    ipmasq, ipmenu, guarddog, firestarter, or one of the many other
> #    firewall configuration tools available. Do not use the init.d
> #    script.
> ...
> # Q: How do I get started?
> # A: (Did I mention "do not use it" already? Oh well.)
> 
> For crissake!  Can anyone point me at some sensible discussion of how
> the hell to go about putting firewall rules in place?  I've got a
> laptop, usually on a cable modem, but sometimes using dial-up.
> 
> I know generally about the /etc/init.d/rcX.d runlevel mechanism.  Now I
> need a sensible discussion of when and HOW to run what sorts of
> iptables-rules-containing scripts so I can figure out how to protect my
> system.  Please don't just tell me about "runlevels" - I know they exist
> already.
> 
> The Debian Security manual is useless.  It only give examples of a few
> iptables rules, says that's not enough, and speaks not at all (that I've
> found yet) about how to implement the damn things.
> 
> Someone somewhere speaks to issue of the actual plumbing to implement
> iptables.  Can anyone point me?
<snip>
you can read /etc/init.d/iptables comments for info.
here is the short version:
#clear out rules
iptables -F
#run script to load iptables rules into memory
sh iptables.sh
# make required directory? 
mkdir /var/lib/iptables
#save active rule set
/etc/init.d/iptables save active
#flush rules -- inactive rule set
iptables -F
#save inactive rules set
/etc/init.d/iptables save inactive
# enjoy rules  on next reboot or /etc/init.d/iptables start
-Kev

Reply to:

Follow-Ups:
- Re: some reality about iptables, please
  - From: Bret Comstock Waldow <bwaldow@alum.mit.edu>
- Re: some reality about iptables, please
  - From: Bret Comstock Waldow <bwaldow@alum.mit.edu>

References:
- some reality about iptables, please
  - From: Bret Comstock Waldow <bwaldow@alum.mit.edu>

Prev by Date: Re: spamassassin
Next by Date: RE: COBOL compiler
Previous by thread: some reality about iptables, please
Next by thread: Re: some reality about iptables, please
Index(es):
- Date
- Thread